]>
CyberLeo.Net >> Repos - FreeBSD/releng/10.3.git/log
gordon [Wed, 4 Apr 2018 05:43:03 +0000 (05:43 +0000)]
Fix multiple small kernel memory disclosures. [EN-18:04.mem]
Reported by: Ilja van Sprundel
Approved by: so
Security: CVE-2018-6919
Security: FreeBSD-EN-18:04.mem
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@331987
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gordon [Wed, 4 Apr 2018 05:40:48 +0000 (05:40 +0000)]
Update timezone database information. [EN-18:03.tzdata]
Submitted by: philip
Approved by: so
Security: FreeBSD-EN-18:03.tzdata
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@331986
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gordon [Wed, 4 Apr 2018 05:37:52 +0000 (05:37 +0000)]
Fix ipsec crash or denial of service. [SA-18:05.ipsec]
Reported by: Maxime Villard
Approved by: so
Security: CVE-2018-6918
Security: FreeBSD-SA-18:05.ipsec
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@331985
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gordon [Wed, 4 Apr 2018 05:33:56 +0000 (05:33 +0000)]
Fix vt console memory disclosure. [SA-18:04.vt]
Bump newvers.sh and UPDATING for today's patches.
Submitted by: emaste
Reported by: Dr Silvio Cesare of InfoSect
Approved by: so
Security: CVE-2018-6917
Security: FreeBSD-SA-18:04.vt
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@331984
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gordon [Thu, 8 Mar 2018 06:17:07 +0000 (06:17 +0000)]
Bump newvers and document the updated patch for SA-18:01.ipsec
Approved by: so
Security: FreeBSD-SA-18:01.ipsec
Security: CVE-2018-6916
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@330631
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gordon [Wed, 7 Mar 2018 17:16:41 +0000 (17:16 +0000)]
Correct patch for ipsec vulnerability.
Approved by: so
Security: FreeBSD-SA-18:01.netipsec
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@330611
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gordon [Wed, 7 Mar 2018 06:04:25 +0000 (06:04 +0000)]
Update file(1) to new version with security update. [EN-18:02.file]
Approved by: so
Security: FreeBSD-EN-18:02.file
Security: CVE-2017-
1000249
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@330569
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gordon [Wed, 7 Mar 2018 06:01:44 +0000 (06:01 +0000)]
Update timezone database information. [EN-18:01.tzdata]
Approved by: so
Security: FreeBSD-EN-18:01.tzdata
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@330568
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gordon [Wed, 7 Mar 2018 05:58:24 +0000 (05:58 +0000)]
Fix multiple vulnerabilities in ntp. [SA-18:02.ntp]
Approved by: so
Security: FreeBSD-SA-18:02.ntp
Security: CVE-2018-7182
Security: CVE-2018-7170
Security: CVE-2018-7184
Security: CVE-2018-7185
Security: CVE-2018-7183
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@330567
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gordon [Wed, 7 Mar 2018 05:53:35 +0000 (05:53 +0000)]
Fix ipsec validation and use-after-free. [SA-18:01.ipsec]
Approved by: so
Security: FreeBSD-SA-18:01.ipsec
Security: CVE-2018-6916
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@330566
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gordon [Sat, 9 Dec 2017 03:45:23 +0000 (03:45 +0000)]
Fix error state handling
Approved by: so
Security: CVE-2017-3737
Security: FreeBSD-SA-17:12.openssl
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@326723
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
delphij [Wed, 29 Nov 2017 05:59:50 +0000 (05:59 +0000)]
Fix OpenSSL out-of-bounds read vulnerability.
Security: FreeBSD-SA-17:11
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@326359
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gordon [Wed, 15 Nov 2017 22:51:08 +0000 (22:51 +0000)]
Properly bzero kldstat structure to prevent information leak. [SA-17:10]
Approved by: so
Security: FreeBSD-SA-17:10.kldstat
Security: CVE-2017-1088
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@325878
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gordon [Wed, 15 Nov 2017 22:45:13 +0000 (22:45 +0000)]
Fix namespace issue in POSIX shm implementation for jails. [SA-17:09]
Approved by: so
Security: FreeBSD-SA-17:09.shm
Security: CVE-2017-1087
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@325873
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gordon [Wed, 15 Nov 2017 22:40:46 +0000 (22:40 +0000)]
Fix kernel data leak via ptrace(PT_LWPINFO). [SA-17:08]
Approved by: so
Security: FreeBSD-SA-17:08.ptrace
Security: CVE-2017-1086
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@325871
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gordon [Thu, 2 Nov 2017 15:38:24 +0000 (15:38 +0000)]
Update timezone database information. [EN-17:09]
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@325322
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gordon [Thu, 19 Oct 2017 03:19:42 +0000 (03:19 +0000)]
Fix WPA2 protocol vulnerability. [SA-17:07]
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@324740
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
delphij [Thu, 10 Aug 2017 06:59:43 +0000 (06:59 +0000)]
Fix OpenSSH Denial of Service vulnerability. [SA-17:06]
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@322344
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
delphij [Wed, 12 Jul 2017 15:16:01 +0000 (15:16 +0000)]
Add the missed Heimdal patch, freebsd-update bits are not affected.
Noticed by: gordon
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@320915
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
delphij [Wed, 12 Jul 2017 08:07:55 +0000 (08:07 +0000)]
Fix heimdal KDC-REP service name validation vulnerability [SA-17:05]
Boot compatibility improvements with Azure VMs. [EN-17:06]
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@320912
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
delphij [Thu, 27 Apr 2017 06:52:30 +0000 (06:52 +0000)]
Fix ipfilter(4) fragment handling panic.
Security: FreeBSD-SA-17:04.ipfilter
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@317487
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
delphij [Wed, 12 Apr 2017 06:24:35 +0000 (06:24 +0000)]
Fix multiple vulnerabilities of ntp. [SA-17:03]
Xen migration enhancements. [EN-17:05]
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@316722
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
delphij [Thu, 23 Feb 2017 07:12:18 +0000 (07:12 +0000)]
Fix OpenSSL RC4_MD5 cipher vulnerability.
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@314126
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
delphij [Wed, 11 Jan 2017 06:01:23 +0000 (06:01 +0000)]
Fix multiple vulnerabilities of OpenSSH.
Security: FreeBSD-SA-17:01.openssh
Security: CVE-2016-10009
Security: CVE-2016-10010
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@311916
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
delphij [Thu, 22 Dec 2016 16:19:05 +0000 (16:19 +0000)]
Fix multiple vulnerabilities of ntp.
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@310419
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
glebius [Wed, 7 Dec 2016 23:31:07 +0000 (23:31 +0000)]
Merge r309688: address regressions in SA-16:37.libc.
PR: 215105
Submitted by: <jtd2004a sbcglobal.net>
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@309693
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
glebius [Tue, 6 Dec 2016 18:49:48 +0000 (18:49 +0000)]
Fix possible login(1) argument injection in telnetd(8). [SA-16:36]
Fix link_ntoa(3) buffer overflow in libc. [SA-16:37]
Fix possible escape from bhyve(8) virtual machine. [SA-16:38]
Fix warnings about valid time zone abbreviations. [EN-16:19]
Update timezone database information. [EN-16:20]
Security: FreeBSD-SA-16:36.telnetd
Security: FreeBSD-SA-16:37.libc
Security: FreeBSD-SA-16:38.bhyve
Errata Notice: FreeBSD-EN-16:19.tzcode
Errata Notice: FreeBSD-EN-16:20.tzdata
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@309634
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
glebius [Mon, 5 Dec 2016 23:30:13 +0000 (23:30 +0000)]
Update tzdata to 2016i.
Note: because of what appears to be a missing MFC to stable branches,
these patches were generated by doing:
% rsync -av stable/10/contrib/tzdata releng/10.x/contrib/tzdata
% svn add releng/10.x/contrib/tzdata
Errata Notice: EN-16:19
Submitted by: gjb
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@309577
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
glebius [Mon, 5 Dec 2016 23:13:16 +0000 (23:13 +0000)]
Merge r307359 from stable/10:
Incorporate a change from OpenBSD by millert@OpenBSD.org
Don't warn about valid time zone abbreviations. POSIX
through 2000 says that an abbreviation cannot start with ':', and
cannot contain ',', '-', '+', NUL, or a digit. POSIX from 2001
on changes this rule to say that an abbreviation can contain only
'-', '+', and alphanumeric characters from the portable character
set in the current locale. To be portable to both sets of rules,
an abbreviation must therefore use only ASCII letters." Adapted
from tzcode2015f.
Errata Notice: EN-16:19.tzcode
Submitted by: bapt
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@309572
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
delphij [Wed, 2 Nov 2016 07:23:36 +0000 (07:23 +0000)]
Fix OpenSSH remote Denial of Service vulnerability. [SA-16:33]
Fix OpenSSL remote DoS vulnerability. [SA-16:35]
Security: FreeBSD-SA-16:33.openssh
Security: FreeBSD-SA-16:35.openssl
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@308203
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
glebius [Tue, 25 Oct 2016 17:11:15 +0000 (17:11 +0000)]
Revised SA-16:15. The initial patch didn't cover all possible overflows
based on passing incorrect parameters to sysarch(2).
Security: SA-16:15
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@307934
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
glebius [Tue, 25 Oct 2016 16:45:55 +0000 (16:45 +0000)]
EN-16:17: virtual memory issues.
Due to increased parallelism and optimizations in several parts of the
system, the previously latent bugs in VM become much easier to trigger,
affecting a significant number of the FreeBSD users. The exact technical
details of the issues are provided in the commit messages of the merged
revisions, which are listed below with short summaries.
r301184 prevent parallel object collapses, fixes object lifecycle
r301436 do not leak the vm object lock, fixes overcommit disable
r302243 avoid the active object marking for vm.vmtotal sysctl, fixes
"vodead" hangs
r302513 vm_fault() race with the vm_object_collapse(), fixes spurious
SIGSEGV
r303291 postpone BO_DEAD, fixes panic on fast vnode reclaim
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@307929
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
emaste [Fri, 14 Oct 2016 17:43:39 +0000 (17:43 +0000)]
Remove duplicate file content from patch misapplication in r306941
The three files affected were tests and aren't normally built so this
had no user-facing effect in the normal case.
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@307329
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
delphij [Mon, 10 Oct 2016 07:18:54 +0000 (07:18 +0000)]
Fix bspatch heap overflow vulnerability. [SA-16:29]
Fix multiple portsnap vulnerabilities. [SA-16:30]
Fix multiple libarchive vulnerabilities. [SA-16:31]
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@306941
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
delphij [Mon, 26 Sep 2016 08:21:29 +0000 (08:21 +0000)]
Apply upstream revision
3612ff6fcec0e3d1f2a598135fe12177c0419582 :
Fix overflow check in BN_bn2dec()
Fix an off by one error in the overflow check added by
07bed46
("Check for errors in BN_bn2dec()").
This fixes a regression introduced in SA-16:26.openssl.
Submitted by: jkim
PR: 212921
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@306336
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
delphij [Fri, 23 Sep 2016 07:48:34 +0000 (07:48 +0000)]
Fix multiple OpenSSL vulnerabilitites.
Approved by: so
Security: FreeBSD-SA-16:26.openssl
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@306230
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
glebius [Fri, 12 Aug 2016 04:01:16 +0000 (04:01 +0000)]
Release 6 errata notices for 10.3-RELEASE, all related to Microsoft Hyper-V.
Submitted by: Dexuan Cui <decui microsoft.com>, gjb
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@303984
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
delphij [Mon, 25 Jul 2016 15:04:17 +0000 (15:04 +0000)]
Fix bspatch heap overflow vulnerability. [SA-16:25]
Fix freebsd-update(8) support of FreeBSD 11.0 release
distribution. [EN-16:09]
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@303304
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
delphij [Sat, 4 Jun 2016 05:46:52 +0000 (05:46 +0000)]
Fix multiple ntp vulnerabilities.
Security: FreeBSD-SA-16:24.ntp
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@301301
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
glebius [Tue, 31 May 2016 16:55:50 +0000 (16:55 +0000)]
Fix kernel stack disclosure in Linux compatibility layer. [SA-16:20]
Fix kernel stack disclosure in 4.3BSD compatibility layer. [SA-16:21]
Security: SA-16:20
Security: SA-16:21
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@301052
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
glebius [Tue, 31 May 2016 16:35:03 +0000 (16:35 +0000)]
Merge r300361 by mm@:
Backport security fix for absolute path traversal
vulnerability in bsdcpio.
Security: CVE-2015-2304
Security: SA-16:22
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@301048
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
glebius [Tue, 17 May 2016 22:28:27 +0000 (22:28 +0000)]
- Use unsigned version of min() when handling arguments of SETFKEY ioctl.
- Validate that user supplied control message length in sendmsg(2)
is not negative.
Security: SA-16:18
Security: CVE-2016-1886
Security: SA-16:19
Security: CVE-2016-1887
Submitted by: C Turt <cturt hardenedbsd.org>
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@300087
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
delphij [Wed, 4 May 2016 15:25:47 +0000 (15:25 +0000)]
Fix multiple OpenSSL vulnerabilitites. [SA-16:17]
Fix performance regression in libc hash(3). [EN-16:06]
Fix excessive latency in x86 IPI delivery. [EN-16:07]
Fix memory leak in ZFS. [EN-16:08]
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@299066
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
delphij [Fri, 29 Apr 2016 08:02:31 +0000 (08:02 +0000)]
Fix ntp multiple vulnerabilities.
Approved by: so
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@298770
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
marius [Fri, 25 Mar 2016 01:02:12 +0000 (01:02 +0000)]
Update releng/10.3 to -RELEASE status in preparation for the final
10.3-RELEASE builds.
Approved by: re (implicit)
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@297264
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
marius [Fri, 25 Mar 2016 00:58:34 +0000 (00:58 +0000)]
Anticipate the expected 10.3-RELEASE date.
Approved by: re (implicit)
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@297262
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
marius [Fri, 25 Mar 2016 00:58:15 +0000 (00:58 +0000)]
Set the static abitag to the current value of __FreeBSD_version.
Approved by: re (implicit)
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@297261
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gjb [Fri, 25 Mar 2016 00:32:43 +0000 (00:32 +0000)]
Prune empty sections.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@297257
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
hrs [Thu, 24 Mar 2016 22:15:51 +0000 (22:15 +0000)]
- Update relnotes items:
grdc(6) 12-hour mode fixed,
inetd(8) crash with IPv6 address fixed,
netstat(1) statistics counter divided by 1024 fixed,
rc.d/netif now updates only static routes,
vt(4) kern.vt.bell_enable,
puc(4) MSI support,
epair(4) and lagg(4) cloner vnet jail support,
epair(4) panic fixed,
lagg(4) per-interface sysctl nodes replaced with ifconfig flags,
lagg(4) panic fixed,
SIOCGDRLST_IN6 and SIOCGPRLST_IN6 ioctls removed.
Approved by: re (implicit)
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@297254
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
hrs [Thu, 24 Mar 2016 21:38:52 +0000 (21:38 +0000)]
- Update relnotes items:
reword description about ar -D/-U option,
camcontrol(8) fwdonwload improvements,
pkill -j jailname support,
timeout(1) added,
ypinit(8) eui64 NIS map,
kern.features.invariants sysctl added.
Approved by: re (implicit)
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@297246
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
hrs [Thu, 24 Mar 2016 21:03:16 +0000 (21:03 +0000)]
- Update relnotes items:
last reboot now works again,
mv(1) return value has been fixed,
mkimg(1) dynamic VHD format fixed,
pw(8) userdel/usermod -y option,
watchdogd(8) -x option added,
rc.firewall now uses ipfw tables when firewall_type="SIMPLE",
imxwdt driver fixed,
uart(4) PPS polarity fixed,
user(4) dev.uart.pps_mode added,
uftdi(4) new ioctls to read/write eeprom,
legacy ata(4) drivers removed.
Approved by: re (implicit)
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@297245
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
hrs [Thu, 24 Mar 2016 20:00:07 +0000 (20:00 +0000)]
Fix FPIs.
Approved by: re (implicit)
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@297240
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
hrs [Thu, 24 Mar 2016 19:50:12 +0000 (19:50 +0000)]
- Fix FPIs and catalog entries.
- Fix typos.
- Update relnotes items:
ctladm(8) return value bugfix,
ifconfig -v now displays SFP/SFP+ data,
add updstream changeset id to the libarchive(3) improvement,
vt(4) ALT_BREAK_TO_DEBUGGER support added,
thread_create() API added,
pms(4) removed from GENERIC for amd64/i386,
kern.racct.enable fixed,
cxgbe(4) firmware updated to 1.14.4.0,
pf(4) logging issue fixed,
LLENTRY_DELETED event in NDP fixed.
- Edit items:
s/Timezone data files/Time zone database/,
-manage-gids flag is for nfsuserd, not nfsd.
Approved by: re (implicit)
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@297239
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
marius [Wed, 23 Mar 2016 00:53:31 +0000 (00:53 +0000)]
In preparation for 10.3-RELEASE, revert r296976, i. e. the merge of
r296416 (head) and r296969 (stable/10) respectively. With SAVESIGVEC
enabled, csh(1) and tcsh(1) leak signal masks after spawning external
commands. This causes strange effects like for example SIGTERM not
being delivered to rc(8) scripts on shutdown albeit these use sh(1),
if csh(1) or tcsh(1) are used as login shell of root. As such r296976
causes way more problems than it solves.
It is anticipated that a proper changeset for the original problem
will be issued as an Errata Notice post-10.3-RELEASE.
PR: 208132
Approved by: re (gjb)
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@297204
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
marius [Fri, 18 Mar 2016 00:02:46 +0000 (00:02 +0000)]
Update releng/10.3 to RC3 in preparation for 10.3-RC3 builds.
Approved by: re (implicit)
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296998
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
allanjude [Thu, 17 Mar 2016 21:49:20 +0000 (21:49 +0000)]
MFC: r296996
Remove 50% ZFS conditional from bsdinstall/zfsboot
PR: 208094
Approved by: re (marius)
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296997
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
mav [Thu, 17 Mar 2016 11:06:43 +0000 (11:06 +0000)]
Add paragraph about isp(4) improvements.
Approved by: re (implicit)
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296985
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
mp [Thu, 17 Mar 2016 01:17:42 +0000 (01:17 +0000)]
MFC 296416:
Signal handling within tcsh vfork code path will conflict with some system
libraries (such as libthr) which maintain their own signal state. This
change adds the tcsh SAVESIGVEC option to save and restore the sigvecs for
the signals the child modifies before it execs.
Reviewed by: kib, rwatson
Reported by: kib
Approved by: re
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296976
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
glebius [Wed, 16 Mar 2016 22:46:57 +0000 (22:46 +0000)]
Merge r296956:
Due to invalid use of a signed intermediate value in the bounds checking
during argument validity verification, unbound zero'ing of the process LDT
and adjacent memory can be initiated from usermode.
Submitted by: CORE Security
Patch by: kib
Security: SA-16:15
Approved by: re (implicit)
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296959
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
ian [Wed, 16 Mar 2016 17:35:55 +0000 (17:35 +0000)]
MFC 296943:
Require firewall setup before running rc.d/netwait, otherwise the ping
packets sent by netwait may not get through.
PR: 207916
Approved by: re (marius)
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296946
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
kib [Wed, 16 Mar 2016 17:01:24 +0000 (17:01 +0000)]
MFC r296908:
Force the desired alignment of the user save area.
Approved by: re (marius)
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296945
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
bdrewery [Tue, 15 Mar 2016 19:45:24 +0000 (19:45 +0000)]
MFS r296911:
Filemon: Attach from the child to avoid racing with the parent attach.
Relnotes: yes
Approved by: re (marius)
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296917
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
dchagin [Tue, 15 Mar 2016 19:34:58 +0000 (19:34 +0000)]
MFS r296797:
MFC r296542: Load linux64 module for amd64 if Linux abi enabled.
Reviewed by: emaste@
Approved by: re (marius)
Differential Revision: https://reviews.freebsd.org/D5567
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296916
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
kib [Tue, 15 Mar 2016 17:09:27 +0000 (17:09 +0000)]
MFC r296320:
Adjust _callout_stop_safe() return value for the subr_sleepqueue.c needs
when migrating callout was blocked, but running one was not.
PR: 200992
Approved by: re (marius)
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296913
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gjb [Tue, 15 Mar 2016 15:24:14 +0000 (15:24 +0000)]
Correct program name: s/shutdown/reboot/
Submitted by: Harald Schmalzbauer
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296900
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gjb [Mon, 14 Mar 2016 14:15:26 +0000 (14:15 +0000)]
Add missing xml:id to reduce diff when copying to doc/ tree.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296860
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gjb [Mon, 14 Mar 2016 13:57:45 +0000 (13:57 +0000)]
Remove a few references to 9.2 and earlier.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296859
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gjb [Mon, 14 Mar 2016 13:45:59 +0000 (13:45 +0000)]
Connect the installation chapter to the build.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296858
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gjb [Mon, 14 Mar 2016 13:45:38 +0000 (13:45 +0000)]
Add the installation chapter back.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296857
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gjb [Mon, 14 Mar 2016 13:09:58 +0000 (13:09 +0000)]
Document r296853, OpenSSH 7.2p2.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296855
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gjb [Mon, 14 Mar 2016 13:06:51 +0000 (13:06 +0000)]
Update copyright year.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296854
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
des [Mon, 14 Mar 2016 13:05:13 +0000 (13:05 +0000)]
MFS (r296781):
MFH (r296633): upgrade to 7.2p2 (fixes xauth command injection bug)
MFH (r296634): re-add aes-cbc to server-side default cipher list
MFH (r296651, r296657): fix gcc build of pam_ssh
PR: 207679
Security: CVE-2016-3115
Approved by: re (marius)
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296853
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gjb [Mon, 14 Mar 2016 13:04:40 +0000 (13:04 +0000)]
Update version information in 10.3-RELEASE documentation.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296852
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gjb [Mon, 14 Mar 2016 12:46:24 +0000 (12:46 +0000)]
Document r294190, unbound(8) updated to 1.5.7.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296851
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gjb [Mon, 14 Mar 2016 12:42:45 +0000 (12:42 +0000)]
Document r290152, file(1) updated to version 5.25.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296850
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gjb [Mon, 14 Mar 2016 12:37:57 +0000 (12:37 +0000)]
Document r291774, cp(1) '-s' option.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296849
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gjb [Mon, 14 Mar 2016 12:34:47 +0000 (12:34 +0000)]
Fix ordering by revision number.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296848
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gjb [Mon, 14 Mar 2016 12:30:34 +0000 (12:30 +0000)]
Document r292233, nfsd(8) '-manage-gids' option.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296847
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gjb [Mon, 14 Mar 2016 12:26:04 +0000 (12:26 +0000)]
Document r292462, resolv.conf(5) reloaded if mtime changed.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296846
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gjb [Mon, 14 Mar 2016 11:46:27 +0000 (11:46 +0000)]
Document r292588, xz(1) updated to 5.2.2.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296845
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gjb [Mon, 14 Mar 2016 11:44:11 +0000 (11:44 +0000)]
Document r293650, ntp updated to 4.2.8p5.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296844
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gjb [Mon, 14 Mar 2016 11:41:52 +0000 (11:41 +0000)]
Document r293675, ismt(4) addition.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296843
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gjb [Mon, 14 Mar 2016 11:36:01 +0000 (11:36 +0000)]
Document r293744, reroot support.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296842
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gjb [Mon, 14 Mar 2016 11:30:16 +0000 (11:30 +0000)]
Document r294286, less v481
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296841
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gjb [Mon, 14 Mar 2016 11:27:17 +0000 (11:27 +0000)]
Document r294445, loader.efi terminal emulation support.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296840
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gjb [Mon, 14 Mar 2016 11:25:06 +0000 (11:25 +0000)]
Document r294446, Beastie menu now available with UEFI.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296839
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gjb [Mon, 14 Mar 2016 11:21:40 +0000 (11:21 +0000)]
Document r294680, netwait update for late-attaching NICs.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296838
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gjb [Mon, 14 Mar 2016 11:18:23 +0000 (11:18 +0000)]
Document r295367, OpenSSH 7.1p2.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296837
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gjb [Mon, 14 Mar 2016 11:16:47 +0000 (11:16 +0000)]
Document r295264, bsdinstall(8) supports installing ZFS on EFI
systems.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296836
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gjb [Mon, 14 Mar 2016 11:12:19 +0000 (11:12 +0000)]
Document r294999, initial EFI ZFS boot support.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296835
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gjb [Mon, 14 Mar 2016 11:09:12 +0000 (11:09 +0000)]
Document r295475, UEFI support for ZFS boot environments.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296834
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gjb [Mon, 14 Mar 2016 11:04:45 +0000 (11:04 +0000)]
Document r295524, ixgbe(4) update to version 3.1.13-k.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296833
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gjb [Mon, 14 Mar 2016 11:02:16 +0000 (11:02 +0000)]
Document r295691, 'insecure-lan-zones' option in unbound(8) enabled
in preference of listing AS112 zones separately.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296832
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gjb [Mon, 14 Mar 2016 10:57:49 +0000 (10:57 +0000)]
Document r295690, unbound-control-setup removal.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296831
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
gjb [Mon, 14 Mar 2016 10:51:08 +0000 (10:51 +0000)]
Document r296317, OpenSSL update to 1.0.1s.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296830
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
marius [Fri, 11 Mar 2016 00:06:18 +0000 (00:06 +0000)]
Update releng/10.3 to RC2 in preparation for 10.3-RC2 builds.
Approved by: re (implicit)
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296632
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
smh [Thu, 10 Mar 2016 23:45:23 +0000 (23:45 +0000)]
MFS r296629:
ZFS send fails to transmit some holes
PR: 207714
Approved by: re (gjb)
Sponsored by: Multiplay
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296631
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
marius [Thu, 10 Mar 2016 23:37:35 +0000 (23:37 +0000)]
Switch the pkg(8) repository to use the 10.3 release package set for
consistent DVD image creation.
This is a direct commit to releng/10.3.
Submitted by: gjb
Approved by: re (implicit)
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296630
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
dim [Mon, 7 Mar 2016 19:59:08 +0000 (19:59 +0000)]
MFC r296419 (by kib):
In the link_elf_obj.c, handle sections of type SHT_AMD64_UNWIND same
as SHT_PROGBITS. This is needed after the clang 3.8 import, which
generates that type for .eh_frame section, which had SHT_PROGBITS type
before.
Reported by: Nikolai Lifanov <lifanov@mail.lifanov.com>
PR: 207729
Tested by: dim (previous version)
Sponsored by: The FreeBSD Foundation
MFC r296428:
Since kernel modules can now contain sections of type SHT_AMD64_UNWIND,
the boot loader should not skip over these anymore while loading images.
Otherwise the kernel can still panic when it doesn't find the .eh_frame
section belonging to the .rela.eh_frame section.
Unfortunately this will require installing boot loaders from sys/boot
before attempting to boot with a new kernel.
Reviewed by: kib
Approved by: re (marius)
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296469
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f
dwmalone [Sun, 6 Mar 2016 18:22:24 +0000 (18:22 +0000)]
Merge 296424 from stable/10 - contains the following changes to -current:
r295924: Make sure that hash-based db files fsync befor closing/syncing.
r295925: We no longer need O_SYNC pwd_mkd
r295465: We no longer need O_SYNC on services_mkdb
r295800: We no longer need O_SYNC on cap_mkdb
Approved by: re (marius)
git-svn-id: svn://svn.freebsd.org/base/releng/10.3@296431
ccf9f872 -aa2e-dd11-9fc8-
001c23d0bc1f